diff --git a/local-waydroid-nft.te b/local-waydroid-nft.te
new file mode 100644
index 0000000..de6e2ed
--- /dev/null
+++ b/local-waydroid-nft.te
@@ -0,0 +1,11 @@
+
+module local-waydroid-nft 1.0;
+
+require {
+	type virtd_t;
+	type iptables_t;
+	class process { noatsecure rlimitinh siginh };
+}
+
+#============= virtd_t ==============
+allow virtd_t iptables_t:process { noatsecure rlimitinh siginh };